Dropbox used by Chinese hackers to spread malware

Popular cloud-based file-sharing service Dropbox wants to be all things to all people, with big plans to share application metadata — game saves, settings preferences and so forth — as well as raw files across devices and platforms.

But when Dropbox CEO Drew Houston announced last week that Dropbox intends to "replace the hard drive," he probably didn't expect Chinese hackers to take him up on it so quickly.

Comment Crew, the same Chinese cyberespionage team thought to be behind the recent attack on The New York Times, has been using publicly shared Dropbox folders to spread malware, reports Arlington, Va., digital-security firm Cyber Squared.

"The attackers have simply registered for a free Dropbox account, uploaded the malicious content and then publicly shared it with their targeted users," a Cyber Squared blog posting explained last week.

For malicious hackers, Dropbox is an attractive malware distribution platform because it's widely used in the corporate environment and is unlikely to be blocked by IT security teams.

In this way, Cyber Squared wrote, "the attackers could mask themselves behind the trusted Dropbox brand, increasing credibility and the likelihood of victim interaction with the malicious file from either personal or corporate Dropbox users."

The first string includes an Internet Protocol address, which computers use to find websites; the second string references port 443, which the Internet Protocol sets aside for encrypted Web connections.

The WordPress blog was thus telling the malware where to go for further instructions and which port to connect on. (The URL in the example above is TechNewsDaily's own.)

Cyber Squared didn't wait to see what would happen after the malware received its instructions. Previous Comment Crew attacks have included mass penetration of organizational networks, theft of intellectual property and other data, and installation of spyware to keep track of a targeted user's online activities and communications.